Filling in the inventory of assets
Assign topic to the user
Answer: You could do the Inventory of assets first if you wish, but it is easier to start filling in the Risk assessment table first - once you are finished with this table, then you just copy the information to the Inventory of assets.
When I do the inventory, does every single laptop, server, etc need to be documented? I found this template which was free.
Answer: This is the same with Inventory of assets and Risk assessment table - you don't have to fill in each and every laptop - you can just specify that you have a class called "laptops" and that the owner of each laptop is a person who is using it. Basically, every time you have several assets which have very similar threats and vulnerabilities, in such cases you can specify these classes of assets instead of single assets.
By the way, you can see a detailed explanation about all this in a video tutorial called "How to Implement Risk Assessment According to ISO 27001."
Comment as guest or Sign in
Jan 12, 2016